A new phishing scam can present what seems like a Google sign-in page if users click on attachments, which will wind up sending account names and passwords to hackers.
Recent Email Scam May Fool Google Members
Here’s how the latest scam works: A scammer will send an email to your Gmail account. The email likely will appear like it is coming from one of your contacts and ask you to look at an attached file, like a PDF or Word document. It may appear to be legitimate because it appears to be coming from one of your contacts, however when you click on the attachment in order to preview the attachment, a whole new tab opens and prompts you to sign in to your Gmail account.
If you do, the scammer now has access to your account. What’s more, they’re able to utilize one of your actual email attachments and subject lines to attempt to dupe someone else on your contact list too. How can you spot the scam? Always check the browser bar before you log in. The Google sign-in page that users are directed to appears legit, with the same logo, text boxes, and tagline.
But the address bar will be the tell-all: The page is a data URI using the prefix “data:text/html.” It’s not a URL that begins “https://.” Google also has recently released a Chrome update to 56.0.2924 to help spot such fake forms. Using the update, when you go to a data URL, the location bar shows “Not Secure” to help users spot phishing scams more easily.
Users on laptop and desktop computers can often hover their cursor over the attachment to examine its URL before clicking.
We get emails all the time from supposed other agents about closing documents or transactions that we are not even involved with, so we always say, call first before clicking on any attachment. We would love to hear your comments or feedback on how you keep your information safe & secured. Simply click here to let us know.